The 21 scariest data breaches of 2018

Data
breaches in 2018 compromised the personal information of
millions of people around the world.

Some of the biggest victims in 2018 include T-Mobile, Quora,
Google, and Orbitz. Facebook dealt with a slew of major breaches
and incidents that affected more than 100 million users of the
popular social network.

Here are 21 of the biggest data breaches that companies faced
this year.

It seems like every week, a new company has to notify its
customers that their data may have been compromised, and personal
information may have been affected.

Data breaches can happen for a variety of reasons. Some companies
are hacked. Data can be mishandled or sold to third parties.
Holes in a website's security system can leave information
unprotected.

Some of the biggest victims in 2018 include T-Mobile, Quora,
Google, and Orbitz. Facebook dealt with a slew of major breaches
and incidents that affected more than 100 million users of the
popular social network.

Here are the biggest data breaches that were revealed
this year, ranked by the number of users affected:

21. British Airways — 380,000

Jack Taylor / Getty

What was affected: Card payments

When it happened: August 21, 2018 - September 5,
2018

How it happened: A "criminal" hack affecting
bookings made on the airline's website and app.

19. SingHealth — 1.5 million

What was affected: Names and addresses in the
Singapore government's health database, and some patients'
history of dispensed medicines. Information on the prime minister
of Singapore was specifically targeted.

When it happened: May 1, 2015 - July 4, 2018

How it happened: Hackers orchestrated a
"deliberate, targeted, and well-planned" attack, according
to a statement.

16. Saks and Lord & Taylor — 5 million

Northfoto/Shutterstock

What was affected: Payment card numbers

When it happened: Details were never shared.

How it happened: "New York-based security
firm Gemini Advisory LLC says that a hacking group called
JokerStash announced last week that it had put up for sale more
than 5 million stolen credit and debit cards, and that the
compromised records came from Saks and Lord & Taylor
customers."

11. Ticketfly — 27 million

Shutterstock

What was affected: Personal information
including names, addresses, email addresses, and phone numbers.

When it happened: Late May 2018

How it happened: A hacker called "IsHaKdZ"
compromised the site's webmaster and "gained access to a
database titled 'backstage,' which contains client information
for all the venues, promoters, and festivals that utilize
Ticketfly's services."

10. Facebook — 29 million

What was affected: Highly sensitive data,
including locations, contact details, relationship status, recent
searches, and devices used to log in.

When it happened: July 2017 - September 2018

How it happened: "The hackers were able to
exploit vulnerabilities in Facebook's code to get their hands on
'access tokens' - essentially digital keys that give them full
access to compromised users' accounts - and then scraped users'
data."

9. Chegg — 40 million

What was affected: Personal data including
names, email addresses, shipping addresses, and account usernames
and passwords.

When it happened: April 29, 2018 - September 19,
2018

How it happened: According to Chegg's SEC
filing: "An unauthorized party gained access to a Company
database that hosts user data for chegg.com and certain of the
Company's family of brands such as EasyBib."

How it happened: Earlier this year, Google
announced it would be shutting down Google+ after a Wall
Street Journal report revealed that a software glitch
caused Google to expose the personal profile data of 500,000
Google+ users. Then again in December, Google revealed it had
experienced a second data breach that affected 52.5 million
users. Google has now decided it will shut down Google+ for good
in April 2019.

7. Cambridge Analytica — 87 million

Facebook CEO Mark Zuckerberg.Justin Sullivan/Getty Images

What was affected: Facebook profiles and data
identifying users' preferences and interests.

When it happened: 2015

How it happened: An personality prediction app
called "thisisyourdigital life," developed by a University of
Cambridge professor, improperly passed on user information to
third parties that included Cambridge Analytica, a data
analytics firm that assisted President Trump's presidential
campaign by creating targeted ads using millions of people's
voter data.

Only 270,000 Facebook users actually installed the app, but
due to Facebook's data sharing policies at the time, the app was
able to gather data on millions of their friends.

3. Exactis — 340 million

What was affected: Detailed information compiled
on millions of people and businesses including phone numbers,
addresses, personal interests and characteristics, and more.

When it happened: June 2018

How it happened: A security expert spotted a
database "with pretty much every US citizen in it"
l eft exposed "on a publicly accessible server," although
it's unclear whether any hackers accessed the information.

1. Aadhar — 1.1 billion

What was affected: Private information on India
residents, including names, their 12-digit ID numbers, and
information on connected services like bank accounts.

When it happened: It's unclear when the database
was first breached, but it was discovered in March 2018.

How it happened: India's government ID database,
which stores citizens' identity and biometric info, experienced
"a data leak on a system run by a state-owned utility
company Indane." Indane hadn't secured their API, which is used
to access the database, which gave anyone access to Aadhar
information.